> And the problem appears to be compounded by dofus legacy implementations
> that don't support PFS greater than 1024 bits. This comes from a
> misunderstanding that DH keysizes only need to be half the RSA length.
> So to go above 1024 bits PFS we have to either
> 1) Wait for all the servers to upgrade (i.e. never do it because the won't
> upgrade)
> 2) Introduce a new cipher suite ID for 'yes we really do PFS at 2048 bits
> or above'.

Can the client recover and do something useful when the server has a
buggy (key length limited) implementation?  If so, a new cipher suite
ID is not needed, and both clients and servers can upgrade asynchronously,
getting better protection when both sides of a given connection are
running the new code.

In the case of (2) I hope you mean "yes we really do PFS with an
unlimited number of bits".  1025, 2048, as well as 16000 bits should work.

The cryptography mailing list

Reply via email to